git.vger.kernel.org archive mirror
From: Johannes Sixt <j.sixt@viscovery.net>
To: Dmitry Potapov <dpotapov@gmail.com>
Cc: Giovanni Funchal <gafunchal@gmail.com>,
	git@vger.kernel.org, "Shawn O. Pearce" <spearce@spearce.org>
Subject: Re: Files with colons under Cygwin
Date: Mon, 06 Oct 2008 08:54:44 +0200
Message-ID: <48E9B634.6040909@viscovery.net>
In-Reply-To: <20081004233945.GM21650@dpotapov.dyndns.org>

Dmitry Potapov wrote:
> Subject: [PATCH] correct verify_path for Windows
> 
> Colon and backslash in names may be used on Windows to overwrite files
> outside of the working directory.
> 
> Signed-off-by: Dmitry Potapov <dpotapov@gmail.com>
> ---
>  read-cache.c |   10 ++++++++++
>  1 files changed, 10 insertions(+), 0 deletions(-)
> 
> diff --git a/read-cache.c b/read-cache.c
> index 901064b..972592e 100644
> --- a/read-cache.c
> +++ b/read-cache.c
> @@ -701,6 +701,16 @@ inside:
>  			}
>  			return 0;
>  		}
> +#if defined(_WIN32) || defined(__CYGWIN__)
> +		/*
> +		 * There is a bunch of other characters that are not allowed
> +		 * in Win32 API, but the following two create a security hole
> +		 * by allowing to overwrite files outside of the working tree,
> +		 * therefore they are explicitly prohibited.
> +		 */
> +		else if (c == ':' || c == '\\')
> +			return 0;
> +#endif
>  		c = *path++;
>  	}
>  }
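
Review bot: The new `else if (c == ':' || c == '\\')` branch is spliced into the existing if/else chain under `#if defined(_WIN32) || defined(__CYGWIN__)`, so the shape of the chain differs per platform, and it returns 0 for every caller of this function rather than only where a path is about to be written into the working tree. Consider moving the test into a small named predicate that is defined once per platform and called from here, and extend the comment to say how each of the two characters escapes the working tree (backslash acting as a directory separator, colon introducing a drive prefix), so the reason for singling out these two is on record. The commit message would also benefit from one concrete path that shows the overwrite.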

IIUC, verify_path() checks paths that were found in the database or the
index. As such, it checks for the integrity of the database. And paths
with backslashes or colons certainly do not violate the database integrity.

More precisely, the exchange of path names between the index and tree
objects (both directions) should not do this new check, nor if a path is
added to the index. The check is only meaningful[*] when a path is read
from the index or a tree object and "applied" to the working directory.
Unfortunately, I think there are lots of places where this happens.

[*] I say "meaningful" and not "necessary" because the situation is just
like when you grab some random SoftwarePackage.tar.gz, and run ./configure
without looking first what it is going to do.

-- Hannes
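
The separation discussed in the reply above, as an added example that is not part of the original message or of git's code: one platform-neutral check for paths stored in the index or in tree objects, and a second check applied only before a stored path is created in a Windows working tree. The function names and the exact integrity rules are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical integrity rule for one stored path component:
 * no empty component, no ".", "..", or ".git". */
static int component_ok(const char *s, size_t n)
{
	if (n == 0)
		return 0;
	if (n == 1 && s[0] == '.')
		return 0;
	if (n == 2 && s[0] == '.' && s[1] == '.')
		return 0;
	if (n == 4 && !memcmp(s, ".git", 4))
		return 0;
	return 1;
}

/* Platform-neutral: is this a well-formed path for the index or a tree?
 * ':' and '\\' are ordinary bytes here; '/' is the only separator. */
int stored_path_ok(const char *path)
{
	for (;;) {
		size_t n = strcspn(path, "/");
		if (!component_ok(path, n))
			return 0;
		if (path[n] == '\0')
			return 1;
		path += n + 1;
	}
}

/* Applied only when a stored path is about to be written to a Windows
 * working tree, where '\\' separates directories and ':' is special. */
int worktree_path_ok_win32(const char *path)
{
	return stored_path_ok(path) && strpbrk(path, ":\\") == NULL;
}

int main(void)
{
	/* Constructed sample paths, not taken from the thread. */
	const char *samples[] = { "src/main.c", "dir/a:b", "..\\..\\x", "../x" };
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-12s stored=%d win32_worktree=%d\n", samples[i],
		       stored_path_ok(samples[i]), worktree_path_ok_win32(samples[i]));
	return 0;
}
```

A path such as `dir/a:b` passes the stored-path check, so it can still travel between the index and tree objects, and is refused only at the point where it would be created on a Windows filesystem.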
